Tag Archives: virus removal

Beware of the Predator

As if there weren’t enough challenges for growing small and medium size businesses, there is another one to add to their list: enterprise-level malware at affordable prices. Until recently, the majority of data breaches have been targeted at big corporations (Target, Staples, Home Depot, etc.); however, the targets have now shifted to smaller companies due to the commercialization of similar malware/keyloggers. Predator Pain and Limitless are two keylogging malware programs that can be bought from underground markets for cheap prices and can be used to attack and spy on anyone. The majority of targets of this keylogging software have been small and medium size businesses, as shown by TrendMicro research. Even though the software can be bought for an inexpensive amount, it is not rudimentary in its execution. It can steal web (including banking) and email credentials, as well as reconfigure the email account so that it sends the victim’s emails directly to the hacker. It can also capture keystrokes and screenshots of the computer. On top of that, it will encrypt all the communications between the infected computer and the criminal’s computer.

The method that criminals use to infect the computers is usually a drive-by download or phishing. Once the computer is infected, the malware will start collecting data, keystrokes and screenshots of the computer. If you are infected with this keylogger, what can you do? Well, there is not much out there in the form of removal of this specific malware. A quick Google search for “How to remove Predator Pain” reveals very little on how to properly remove this nasty keylogger. In fact, a lot of the results are about how to use the keylogger and where to get it (paid or free). The only one I was able to find is a bit complicated, and it includes editing the registry, something the average user is not recommended to do, as it could lead to even more problems. There are tools out there that can help get rid of this and other nasty malware, like Malwarebytes, Spybot, and SuperAntiSpyware, but the best solution is prevention.

Just like the saying, an ounce of prevention is worth more than a pound of cure. At TRA Consulting we specialize in IT managed services geared for small and medium size businesses (SMBs). We take care of all their IT needs, including but not limited to: desktop support, server administration, cloud services integration, network administration/security, etc.

With all the threats out there in the cyber-world, having us in your corner is one of the better decisions a growing business can make. We have many highly satisfied customers in the Southern California area, including San Diego, Long Beach, Orange County, Southbay, and Los Angeles area. Contact us today, and let us take care of all of your computer security needs. Don’t let security threats stifle your business’s growth. Our prices are reasonable and our services are top notch. Call us today for a free consultation. At TRA Consulting, our motto is “Maximum Satisfaction, Minimum Fuss”.

POODLE in the middle

Looks like the trend of security flaws in encryption protocols continues. Heartbleed, Bash Shellshock, and now POODLE. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This basically means that on encrypted HTTPS connections, applications like browsers will be forced to fall back from TLS to SSL 3.0 even when the application supports all the versions of TLS. SSL 3.0 has been shown to be vulnerable to man-in-the-middle attacks since about 15 years ago. However, many applications and servers still use it because they have not adopted the TLS standard for encryption. An example of this is Internet Explorer 6. Many servers still allow browsers that cannot support TLS, like IE 6, to connect using SSL 3.0. If servers or websites dropped connections that did not support TLS encryption, the applications that only had SSL 3.0 would be dropped as well. Even though the majority of current browsers support TLS, there are still some people who use older browsers. Even newer browsers use the SSL 3.0 protocol as a backup, and this is the mechanism that the POODLE attack uses to hack a computer. In order for a hacker to be able to listen in and intercept your private data with the POODLE attack, they have to be within the same network as you, usually in a public Wi-Fi setting, and then have to inject malicious JavaScript code in your computer from visiting a compromised website. Then they can start their man-in-the-middle attack to intercept your cookies and other data.

Browsers like Google Chrome and Mozilla Firefox have already patched this flaw by using the mechanism of TLS_FALLBACK_SCSV, which prevents the automatic fallback down to SSL 3.0. Google engineers are the ones that found the POODLE Vulnerability, which will effectively kill any future use (finally!) of SSL 3.0. Chrome will go beyond patching this vulnerability and will get rid of SSL 3.0 from their browser in the next version of the browser (good riddance!). Internet Explorer released a fixit to Even Sony is patching this on their PS3 and PS4 consoles, permanently getting rid of SSL 3.0 as a form of encryption.

There are still some servers (websites) that rely on SSL 3.0 to authenticate with the clients, but this is slowly getting patched. Even OpenSSL (which was victim of the Heartbleed bug earlier this year) has patched their code to include the TLS_FALLBACK_SCSV mechanism. However, the good news regarding the POODLE vulnerability stops there. There is a variant that affects TLS connections as well, but that’s a topic for another blog post.
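The fallback behaviour and the TLS_FALLBACK_SCSV check described above can be modelled in a few lines. This is an added example, not code from the original post or from any browser or OpenSSL; the `Server` class, `client_connect` function and `broken_above` parameter are hypothetical names for a constructed model, while the numeric values (0x5600 for the signalling suite, alert 86 for inappropriate_fallback) are the ones defined in RFC 7507.

```python
# Added illustration: a constructed model of version negotiation, not a real TLS stack.
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
ALL_VERSIONS = (SSL3, TLS10, TLS11, TLS12)
TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value (RFC 7507)
AES128_CBC_SHA = 0x002F          # an ordinary cipher suite offered in every hello
INAPPROPRIATE_FALLBACK = 86      # fatal alert sent when a fallback is refused
PROTOCOL_VERSION = 70            # fatal alert: no version in common


class Server:
    def __init__(self, versions, honors_scsv):
        self.versions = set(versions)
        self.honors_scsv = honors_scsv

    def hello(self, client_version, cipher_suites):
        """Return ("ok", negotiated_version) or ("alert", alert_code)."""
        if (self.honors_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and max(self.versions) > client_version):
            return ("alert", INAPPROPRIATE_FALLBACK)
        usable = [v for v in self.versions if v <= client_version]
        if not usable:
            return ("alert", PROTOCOL_VERSION)
        return ("ok", max(usable))


def client_connect(server, client_versions, sends_scsv, broken_above=None):
    """Model the legacy retry: after a failed handshake, offer a lower version.

    broken_above models interference on the network path: every handshake
    offering a version higher than broken_above fails before completing.
    Returns the negotiated version, or None if the client gives up.
    """
    highest = max(client_versions)
    for version in sorted(client_versions, reverse=True):
        if broken_above is not None and version > broken_above:
            continue  # handshake failed; the client retries one version lower
        suites = [AES128_CBC_SHA]
        if sends_scsv and version < highest:
            suites.append(TLS_FALLBACK_SCSV)  # marks this hello as a retry
        status, value = server.hello(version, suites)
        if status == "ok":
            return value
        if value == INAPPROPRIATE_FALLBACK:
            return None  # server can do better: abort instead of downgrading
    return None
```

The protection only holds when both ends implement it: a patched client talking to an unpatched server still lands on SSL 3.0, while a server that genuinely supports nothing newer than SSL 3.0 keeps working for legacy clients.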

TRA Consulting not only focuses on home personal security, but also on SMB (Small to Medium size Businesses) security. Our goal is to provide full IT support to growing small businesses who are too small to have a full time IT staff, yet big enough that they need one. We have many highly satisfied customers in the Long Beach, Orange County, South Bay, and Los Angeles area. Contact us today, and let us take care of all of your computer security needs. Our prices are reasonable and our services are top notch. Our motto is “minimum fuss, maximum satisfaction”. Call us Today!!

Haunted by the OLE bugs

Unix/Linux platforms are not the only ones haunted by the old buggy code demon (daemon?). Bash Shellshock was the very serious flaw in the command shell Bash, which runs inside most Unix/Linux devices, that affected millions of computers and devices around the world. This vulnerability allowed an intruder to take over the whole device, not just intercept its communication.

Windows experienced a similar situation with the SChannel vulnerability that was discovered last week, popularly named “Winshock” by security experts. This vulnerability is a deficiency in the usage of the TLS/SSL protocol, similar to the Heartbleed bug of a few months ago. The difference this time is that, although Microsoft has already patched this flaw for most Windows operating systems, it will not be releasing a patch for Windows XP. Though some security experts do not consider this to be as big a threat as the Heartbleed bug, and even though there have not been any exploits in the wild due to Microsoft being very scant about the details of the vulnerability, it all points to it not being trivial. In fact, there are many cases of the patch that Microsoft released having created other problems in desktops and servers that have downloaded and installed it. According to reports, it breaks TLS 1.2, and it slows SQL servers almost to a crawl. But most importantly, Microsoft has kept it up in the Windows updates catalog. Incredibly, this is not the first one of the patches that has been botched.

One of the scariest bugs out there in the past few months is the Windows OLE vulnerability, which had gone unnoticed for almost 20 years (brings back memories of Bash Shellshock, doesn’t it?). This bug has been part of Internet Explorer since IE 3.0, and went unnoticed until recently. If this bug was found by Microsoft, which constantly searches for vulnerabilities and releases updates and patches on a weekly basis for all of their supported systems, who’s to say what other bugs are out there that can be exploited that have gone yet unnoticed by security experts?

It’s been said in jest that “the only secure computer is the one that is unplugged, locked in a safe, and buried 20 feet underground in a secret location”. As optimistic as that sentence makes the world of computer security sound, it is not that bad as long as you take simple precautions. Knowing what to do, or consulting someone who knows what they are doing, (like TRA Consulting) will save you from future headaches.

Call us Today!!

Bash Full of Surprises

Just when you thought that vulnerabilities could not get worse than the Heartbleed bug (a serious vulnerability in the OpenSSL implementation of SSL cryptography, which can render a computer connected to the internet susceptible to having its communication intercepted by a third party, even when using a VPN), Bash Shellshock rears its ugly head.

Bash is a command shell program that runs on UNIX and Linux devices. It’s been around since long before the internet became what it is today, and currently it is inside more than 70% of devices that are connected to the internet. Servers, computers, network devices, and Android mobile devices all run a form of Unix/Linux that uses Bash at its core. How bad can this vulnerability be, compared to Heartbleed? With the Heartbleed bug, OpenSSL was used by about two thirds of the webservers all over the world. That made them vulnerable to having their communications snooped on, which means an attacker could look at the data transmitted and steal passwords and other data. With the Bash “Shellshock”, it’s a whole ’nother beast. In this case, an attacker could actually take over any device running Bash. Not just snoop and get data from it, but actually control it from afar.

This vulnerability affects UNIX and Linux systems, which includes Macintosh computers, Android devices, and many webservers around the world. This does not mean that your Mac computer or your Android Tablet can be easily hacked and taken over from anywhere. It would be necessary for the device to be in a public network and the attacker would have to know which network you are on in order to be able to take over your network connected device. The most likely targets of this exploit would be web servers.

The bug is estimated to have been created in 1992, 22 years ago, by an open-source enthusiast who maintained Bash after its original creator, Brian J. Fox, moved on to other things. Open source software has the advantage of having many knowledgeable programmers look over the same code and make sure that it is safe. If there is a bug, they report it and it gets patched. However, all the programmers are doing it as a hobby in their spare time. This does not mean that they cannot create new secure and quality code. It just means that some of the old code might go unchecked because the glory is in creating new and innovative software, rather than the difficult task of debugging older code.

TRA focuses on Medium size and SOHO (Small Office/Home Office) security. Our goal is to provide full IT support to growing small businesses who are too small to have a full time IT staff, yet big enough that they need one on a recurring basis. We have many highly satisfied customers in the Long Beach, Orange County, Southbay, and Los Angeles area. Contact us today, and let us take care of all of your computer and network security needs. Our prices are reasonable and our services are top notch. Call us today!

The New Normal

Target, Kmart, Staples and Home Depot. What do these four retailers have in common (besides their killer Black Friday deals)? The answer is: they have all been hacked in the past 12 months.

Staples is the latest major retailer that has reported a data breach in their systems, in which potentially millions of customers’ credit card information might have been illegally accessed. This breach happened fairly recently, so the extent of the information stolen is not yet known. There is one thing for certain, I will not do my Christmas shopping there. If I do, I will only pay cash.

There have been many data breaches recently in the news, creating what some security experts call “breach fatigue”. Target was one of the first big data breach victims of the year. The corporate giant showed a 46% drop in profits in the quarter after the breach became public. Recently, a survey revealed that 45% of consumers will “probably not” do their holiday shopping at a store that has suffered a data breach.

One of the latest giant chain stores that has suffered a data breach is Home Depot. Unlike Target, Home Depot did not see much of a loss in profit following the news of the data breach. In fact, their stock value went slightly up. The same happened with JP Morgan Chase. This is the phenomenon of “breach fatigue”. As more and more data breaches occur, the more consumers become numb to them, especially if they themselves don’t end up becoming a victim of identity fraud.

An ounce of prevention is worth a pound of cure. That well-known saying is as true in everyday life as in network security. There are many ways to protect your computers and network, but do you know the right way? At TRA Consulting, we specialize in, among other things, network security. Small and medium size businesses are just as vulnerable as big corporations. Sure, they don’t have such a big target on their back, but since they are less likely to have security as robust as multi-million and multi-billion dollar corporations, they are easier to penetrate.

Recently, the details of the Home Depot breach have come out and they are very similar to the ones from Target. Customers are not punishing Home Depot the same way as they punished Target. Seeing as more and more breaches are coming to light, it will not be surprising to see consumers still shop at retailers known to have been hacked, and just keep their metaphorical fingers crossed that their credit card info will stay safe.

TRA focuses on Medium size and SOHO (Small Office/Home Office) security. Our goal is to provide full IT support to growing small businesses who are too small to have a full time IT staff, yet big enough that they need one on a semi-daily basis. We have many highly satisfied customers in the Long Beach, Orange County, Southbay, and Los Angeles area. Contact us today, and let us take care of all of your computer and network security needs. Our prices are reasonable and our services are top notch.